EIP-2026-116908

PRE-CVE

Blizzard Update Agent - JSON RPC DNS Rebinding

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116908. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit leverages DNS rebinding to bypass authentication in Blizzard Update Agent's JSON RPC server, allowing any website to send privileged commands to the agent running on localhost port 1120. The attack involves alternating DNS resolutions to bypass same-origin policy and execute commands such as installing or downloading files.

Description

Blizzard Update Agent - JSON RPC DNS Rebinding

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · local · windows
https://www.exploit-db.com/exploits/43879


Classification: Working Poc 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Blizzard Update Agent (version 2.13.4.5955)
No auth needed
Prerequisites: Victim must have Blizzard Update Agent installed · Victim must visit a malicious website · DNS rebinding setup (e.g., rbndr.us)
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026